CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

EUVD-2018-21930

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

CVE-2026-9508

The CVE-2026-9508 issue affects Suprema BioStar 2, versions 2.9.3–2.9.11, where incorrect permission settings on a critical resource allow backup ZIP files to be publicly exposed when an admin configures the NGINX webroot path. An attacker with network access can directly download backups via htt...

Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin

gin-vulnerable Demo consumer pinned to github.c...

MantisBT Vulnerable to Stored XSS in File Download

Using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. Impact Cross-site scripting Patches - 26647b2e68ba30b9d7987d4e03d7a16416684bc2 Workarounds None...

CVE-2018-25312

CVE-2018-25312 affects LifeSize ClearSea 3.1.4. The vulnerability is a directory traversal in the smartgui interface that, when combined with uploading and manipulating path parameters, allows an authenticated attacker with network access to write files to arbitrary locations and potentially achi...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the market plugin download function. This could allow remote...

CVE-2026-41302

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

PT-2026-33869

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVE-2026-5530 Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

EUVD-2026-17877

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

EUVD-2026-9989

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...

CVE-2019-25351

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

PT-2026-7720

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

GHSA-96PQ-HXPW-RGH8 Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...